t-110.5110 computer networks ii summary 8.12.2002
Post on 18-Dec-2015
217 views
TRANSCRIPT
![Page 1: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/1.jpg)
T-110.5110 Computer Networks IIT-110.5110 Computer Networks II
SummarySummary
8.12.20028.12.2002
![Page 2: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/2.jpg)
T-110.5116 Computer Networks II - Advanced Features P (4 cr)
Noppa - Lectures - Noppa Page 1 of 1
Noppa-portaali > Kurssit > Informaatio- ja luonnontieteiden tiedekunta > T3050 Tietotekniikan laitos > T-110.5116 > Luennot
Lectures
During Autumn 2008, we will look at protocols and architectures related to mobility
management, session management, authentication, authorization and accounting
(AAA) services and quality of service (QoS). We will also consider how to develop
gigabit Internet routers.
The purpose is that the participants actively read the material beforehand and discuss
problem areas during the lectures. The course consists of the lectures and a final exam.
Networks II lectures start on Monday 22.9. 14.15-16 in T2. Registration happens on this
first lecture. Course material will be in English. Lectures will be in English if required.
https://noppa.tkk.fi/noppa/kurssi/t-110.5116/luennot 14.9.2008
Date Week Day Time Location Topic
22 Sep 08
39 Mon 14.15-16 T2 Introduction
29 Sep 08
40 Mon 14.15-16 T2 Transport issues
06 Oct 08
41 Mon 14.15-16 T2 Mobility protocols
13 Oct 08
42 Mon 14.15-16 T2 NAT (STUN, ICE, TURN)
20 Oct 08
43 Mon 14.15-16 T2 Quality of Service
03 Nov 08
45 Mon 14.15-16 T2 AAA
10 Nov 08
46 Mon 14.15-16 T2 HIP
17 Nov 08
47 Mon 14.15-16 T2 HIP II
24 Nov 08
48 Mon 14.15-16 T2 Internet Router Development using NetFPGA
01 Dec 08
49 Mon 14.15-16 T2 Services and Identity Management
08 Dec 08
50 Mon 14.15-16 T2 Summary
Updated 18 Aug 08 at 18:29
![Page 3: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/3.jpg)
Final ExamFinal Exam
•18.12.2008 16 - 19 T1
•Exam will be based on course material
– Slides
– Articles and standards documents
![Page 4: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/4.jpg)
Summary of CourseSummary of Course
•As discussed the course focuses on several important features of current networking systems
– Mobility, QoS, Security, Privacy
•We observe that these features were not important for the original Internet architecture
•They are important now– Mobility, QoS, Security are coming with IPv6 – IPv6 deployment does not look promising
•Hence, many proposals to solve issues in the current Internet
•Also many solutions to solve expected problems in the Future Internet
![Page 5: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/5.jpg)
Layered ArchitectureLayered Architecture
•Internet has a layered architecture
•Four layers in TCP/IP– Application (L7)– Transport (L4)– Network (L3)– Link layer / physical (L2-L1)
•We will talk a lot about layering– Benefits, limitations, possibilities (cross-layer) – It is not always clear what is a good layering
•A lot of interesting networking developments are happening on application layer
![Page 6: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/6.jpg)
The Internet has ChangedThe Internet has Changed
•A lot of the assumptions of the early Internet has changed
– Trusted end-points
– Stationary, publicly addressable addresses
– End-to-End
•We will have a look at these in the light of recent developments
•End-to-end broken by NATs and firewalls
![Page 7: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/7.jpg)
Network has ValueNetwork has Value
•A network is about delivering data between endpoints
•Data delivery creates value
•Data is the basis for decision making
•We have requirements to the network– Timeliness– Scalability– Security– ...
![Page 8: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/8.jpg)
Looking at the LayersLooking at the Layers
•Link Layer / Physical
•Network– We will look at mobility, security, and QoS on L3– Mobile IP, network mobility, HIP, NAT Traversal
•Transport– Basic properties of transport layer protocols
• TCP variants, DCCP, TLS, dTLS– Mobility and security on L4
•Application– Security, identity management
•Goal: have an understanding of the solutions and tradeoffs on each layer and discussion on the role of layering
![Page 9: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/9.jpg)
Role of StandardsRole of Standards
•On this course, we will talk a lot about standards
– IETF is the main standards body for Internet technologies
– Instruments: RFCs, Internet drafts
– Working groups
– IRTF
•Other relevant standards bodies
– W3C, OMA, 3GPP, OMG
![Page 10: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/10.jpg)
Transport IssuesTransport Issues
•Network layer (IP) provides basic unreliable packet delivery between end-points
•Transport layer needs to provide reliability, congestion control, flow control, etc. for applications
•TCP variants
•SCTP
•DCCP
•TLS
•DTLS
![Page 11: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/11.jpg)
TCP ImprovementsTCP Improvements
•Concepts: Congestion window, round-trip time, retransmission timeout, duplicate acknowledgement (triggered by out of order segment)
•Congestion control
– Packet loss as a signal, reduce rate
•Fairness
– Transport implementations must be fair to other flows
•Retransmission mechanism
•Selective acknowledgements (SACK), RFC 2018
– Additional information about ”holes” in sequence number space
•Limited transmit & early retransmit, timestamps
![Page 12: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/12.jpg)
SCTPSCTP•Stream Control Transmission Protocol (SCTP)
•Specified in RFC 2960
•Additional features to TCP
– Preservation of message boundaries
– Support for multiple streams
– Support for multi-homing
•Packets consist of chunks: INIT, SACK, HEARBEAT, DATA, ABORT, SHUTDOWN, ERROR, and AUTH
•Partial reliability
– Retransmissions until abort
•Extended Socket API (bind(), context data with sendmsg())
•Suitable for signalling traffic
•Challenges with middleboxes
![Page 13: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/13.jpg)
DCCPDCCP
•Datagram Congestion Control Protocol (DCCP)
•Unreliable datagram-oriented protocol (RFC 4340)
– UDP with congestion control
•Connection-oriented, requires connection state machine
•Congestion control requires ack mechanism and sequence numbers
•Negotiable features and options
– Checksums, congestion control parameters
•Some features: partial checksums, service codes
•Suitable for long-lived non-reliable flows
•Challenges with middleboxes
![Page 14: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/14.jpg)
MobilityMobility
•What happens when network endpoints start to move?
•What happens when networks move?
•Problem for on-going conversations– X no longer associated with address– Solution: X informs new address
•Problem for future conversations– Where is X? what is the address?– Solution: X makes contact address available
•In practice not so easy. Security is needed!
![Page 15: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/15.jpg)
Mobility on the InternetMobility on the Internet•Mobile IPv4
– Mobile Node, Home Agent, Foreign Agent– Home agent tunnels packets to FA or MN– Packets from MN go directly or via HA
•Mobile IPv6– Route optimization– No need for foreign agents– Uses IPv6 functions, neighbor discovery– Uses IPv6 header extensions instead of tunneling
•NEMO– Solution for network mobility– Based on Mobile IPv6– A mobile router communicates with a home agent as the
network moves• A bidirectional tunnel
![Page 16: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/16.jpg)
NAT TraversalNAT Traversal
•As mentioned, end-to-end is broken
•Firewalls block and drop traffic
•NATs do address and port translation– Hide subnetwork and private IPs
•How to work with NATs– Tricky: two NATs between communications– NAT and NAPT– One part is to detect NATs– Another is to get ports open
•IETF efforts– STUN– ICE– TURN– NSIS
![Page 17: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/17.jpg)
NAT FeaturesNAT Features
• NAT provides transparent and bi-directional connectivity between networks having arbitrary addressing schemes
• NAT eliminates costs associated with host renumbering
• NAT conserves IP addresses
• NAT eases IP address management
• Load Balancing
• NAT enhances network privacy
• Address migration through translation
• IP masquerading
• Load balancing
![Page 18: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/18.jpg)
NAT ConcernsNAT Concerns
•Performance
– IP address modification, NAT boxes need to recalculate IP header checksum
– Port number modification requires TCP checksum recalculation
•Fragmentation
– Fragments should have the same destination
•End-to-end connectivity
– NAT destroys universal end-to-end reachability
– NATted hosts are often unreachable
![Page 19: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/19.jpg)
NAT ConcernsNAT Concerns
•Applications with IP-address content
– Need AGL (Application Level Gateway)
– Typically applications that rely on IP addresses in payload do not work across a private-public network boundary
– Some NATs can translate IP addresses in payload
•NAT device can be a target for attacks
•NAT behaviour is not deterministic
•NATs attempt to be transparent
– Challenges for network troubleshooting
![Page 20: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/20.jpg)
NAT TraversalNAT Traversal
•Challenge: how to allow two natted hosts communicate?
•Straighforward solution: use a relay with a public address that is not natted
– Connection reversal possible if a node has a public address
• Relay is a rendezvous point
•More complicated solutions
– Detect presence of NATs
– Hole punching
![Page 21: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/21.jpg)
TURNTURN
•IETF MIDCOM draft ”Traversal Using Relay NAT (TURN)”
•TURN is a protocol for UDP/TCP relaying behind a NAT
•Unlike STUN there is no hole punching and data are bounced to a public server called the TURN server
•TURN is the last resource. For instance behind a symmetric NAT
•It introduces a relay
– Located in customers DMZ or Service Provider network
– Single point of failure
– Requires a high performance server
![Page 22: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/22.jpg)
STUNSTUN• IETF RFC 3489 ”STUN – Simple Traversal of User Datagram Protocol
(UDP) Trough Network Address Translators (NATs)”
•A client-server protocol to discover the presence and types of NAT and firewalls between them and the public Internet
•STUN allows applications to determine the public IP addresses allocated to them by the NAT
•Defines the operations and the message format needed to understand the type of NAT
•The STUN server is contacted on UDP port 3478
•The server will hint clients to perform tests on alternate IP and port number too (STUN servers have two IP addresses)
•Revised STUN: "Session Traversal Utilities for NAT“
– Binding discovery, NAT keep-alives, Short-term password, Relay (previously TURN)
![Page 23: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/23.jpg)
ICEICE•IETF MMUSIC draft ”Interactive Connectivity
Establishment (ICE): A Methodology for Network Address Translator (NAT)”
•Allows peers to discover NAT types and client capabilities
•Provide alternatives for establishing connectivity, namely STUN and TURN
•Works with all types of NATs, P2P NAT traversal
•Designed for SIP and VoIP. Can be applied to any session-oriented protocol
•The detailed operation of ICE can be broken into six steps: gathering, prioritizing, encoding, offering and answering, checking, and completing.
![Page 24: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/24.jpg)
QoSQoS
•By default, there is no QoS support on the Internet
•IP is unreliable, packet types are handled differently (TCP/UDP/ICMP)
•No guarantees on TCP flow priority (OS and NW stack issue)
•IETF work– DiffServ, IntServ, NSIS
![Page 25: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/25.jpg)
QoS Architectures for InternetQoS Architectures for Internet• Integrated Services (IntServ)
– Flow Based QoS Model (Resources are available prior to establishing the
session)
– Session by session (end-to-end)
– Uses RSVP (signaling protocol) to create a flow over a connectionless IP
• Differentiated Services (DiffServ)
– Categorize traffic into different classes or priorities with high priority value
assigned to real time traffic
– Hop by hop (no assurance of end-to-end QoS)
• Multiprotocol Label Switching (MPLS)
– Not primarily a QoS model, rather a Switching architecture
– Ingress to the network decides a label according to FEC
![Page 26: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/26.jpg)
Security FeaturesSecurity Features
•IPSec provides basic security (tunnel,transport) with IKE
•Solution for autentication, authorization, accounting is needed (AAA)
– Radius, Diameter
•Case: WLAN access network
![Page 27: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/27.jpg)
AAAAAA
•AAA
– Authentication, Authorization, Accounting
– RFC 2903 (Generic AAA Architecture)
– RFC 2904 (AAA Authorization Framework)
•AAAA
– AAA and Auditing
•Accounting and billing
– Accounting is gathering information for billing, balancing, or other purposes
– Billing is a process to generate a bill for customers based on gathered information
![Page 28: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/28.jpg)
Motivation for AAAMotivation for AAA
•Service organizations to host multiple organizations requiring dial-in facilities
•User organizations to outsourcing their dial-in service to one or more 3rd parties
•Agreements can be implemented using a standards based protocol (RADIUS)
•RADIUS allows User organizations or Agents to migrate to other Service Providers.
•An agent, using proxy AAA to change its service without affecting the agreement with its customers
•A service organization to have ultimate authority over its users
![Page 29: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/29.jpg)
Physical
Link
Network
Transport
Application
Physical
Link
Network
Transport
Application
PAP, CHAP, WEP, ..
IPsec
HIP
HTTPS, S/MIME, PGP,WS-Security, Radius, Diameter, SAML 2.0 ..
TSL, SSH, ..
![Page 30: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/30.jpg)
RadiusRadius
•Remote Authentication Dial In User Service (RADIUS) is defined in RFC 2865
•Designed to authenticate dial-in-access customers
– Used for dial-in lines and 3G networks
•Idea to have a centralized user database for passwords and other user information
– Cost efficient
– Easy to configure
•Radius is used together with an authentication protocol such as PAP or CHAP
![Page 31: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/31.jpg)
RadiusRadius
•A client-server protocol
– Network Access Server (NAS) is the client
– Radius Server is a server
•Security based on previously shared secret
•More than one server can serve a single client
•A server can act as a proxy
•Based on UDP on efficiency reasons
•No keep-alive signaling
![Page 32: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/32.jpg)
Radius LimitationsRadius Limitations•Scalability
– No explicit support for agents, proxies, ..– Manual configuration of shared secrets
•Reliability– UDP not reliable, accounting info may be lost
•Does not define failover mechanisms– Implementation specific
•Mobility support
•Security– Applied usually in trusted network segments or VPNs– Application layer authentication and integrity only for use
with Response packets– No per packet confidentiality
•Diameter addresses some of the security issues
![Page 33: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/33.jpg)
DiameterDiameter•A network protocol for providing AAA services to roaming users
– Replacement for RADIUS, Kerberos, TACACS+
– Open base protocol provides transport, message delivery, and error handling services
•Diameter Base Protocol is defined in RFC 3588
•Defines the following facilities
– Delivery of AVPs (attribute value pairs)
– Capabilities negotiation
– Error notification
– Extensibility through additional new commands and AVPs
– Basic services necessary for applications
• Handling of user sessions, Accounting, ..
![Page 34: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/34.jpg)
DiameterDiameter
•Uses TCP and SCTP for communications
•Can be secured using IPSEC and TLS
•End-to-end security is recommended but not mandatory
•Based on request-answer signal pairs
•In the Diameter network there can be
– clients, relays, proxies, and redirect and translation agents
![Page 35: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/35.jpg)
802.1X Security802.1X Security
Source: http://upload.wikimedia.org/wikipedia/commons/6/63/8021X-Overview.png
![Page 36: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/36.jpg)
HIPHIP
•HIP is a proposal to unify mobility, multi-homing, and security features that are needed by applications
•Identity-based addressing realizing locator-identity split
•Change in the networking stack that is not very visible to applications (no IP addresses though!)
•HIP architecture, HIP implementation for Linux
![Page 37: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/37.jpg)
HIP in a NutshellHIP in a Nutshell
• Architectural change to TCP/IP structure
• Integrates security, mobility, and multi-homing
–Opportunistic host-to-host IPsec ESP
–End-host mobility, across IPv4 and IPv6
–End-host multi-address multi-homing, IPv4/v6
–IPv4 / v6 interoperability for apps
• A new layer between IP and transport
–Introduces cryptographic Host Identifiers
![Page 38: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/38.jpg)
IP addr
• A new Name Space of Host Identifiers (HI)
–Public crypto keys!
–Presented as 128-bit long hash values, Host ID Tags (HIT)
• Sockets bound to HIs, not to IP addresses
• HIs translated to IP addresses in the kernel
The IdeaThe Idea
ProcessProcessProcessProcess
TransportTransportTransportTransport
IP layerIP layerIP layerIP layer
Link layerLink layerLink layerLink layer
IP address
< , port>
Host Host IdentityIdentityHost Host
IdentityIdentityHost ID
Host ID
![Page 39: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/39.jpg)
Control/data separationControl/data separation
ID R
i3 overlay
basedrendezvous
infra
![Page 40: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/40.jpg)
Services and Identity ManagementServices and Identity Management
•Privacy and trust matters a lot
•Services on the Web
•Single sign-on
– Liberty, OpenID, GAA, ..
•Recent developments
![Page 41: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/41.jpg)
Web applicationsWeb applications
•Recent trend has been to develop web applications
– Traditional applications on Internet (office suites,..)
– Search (Google, Yahoo, ..)
– Instant communications and presence
– Social collaboration and networking sites
– Data sharing sites and video sharing
– Data storage services
– Blogging
•Another recent trend is to simplify signing to services
– Single Sign-On, federated identity, OpenID
•And creating mashups
– Combining services in new ways
– Custom experience and personalization
![Page 42: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/42.jpg)
RESTREST
•REST (Representational State Transfer) (Roy Fielding, PhD thesis)
– Architectural style of networked systems
– Applications transfer state with each resource representation
• Representations of the data are transmitted
– State is a property of a resource
•Resources
– Any addressable entity
– Web site, HTML page, XML document, ..
•URLs Identify Resources
– Every resource uniquely identifiable by a URI
![Page 43: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/43.jpg)
Security and TrustSecurity and Trust
•We are going towards identity-based service access
– A number of identities per host
– Pseudonyms, privacy issues
– Delegation and federation are needed
•Decentralization: the user has the freedom of choosing who manages identity and data
•Solutions for authentication
– Web-based standard (top-down)
• ID-FF
– Web-based practice (bottom-up)
• OpenID and oAuth
– Web services
• SAML 2.0
![Page 44: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/44.jpg)
Papers on the course web pagePapers on the course web page
•Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world
•On Compact Routing for the Internet authored by Dima Krioukov, kc claffy, Kevin Fall, and Arthur Brady. Published in the ACM SIGCOMM Computer Communication Review (CCR), v.37, n.3, 2007.
•Designing DCCP: Congestion Control Without Reliability (PDF), by Eddie Kohler, Mark Handley, and Sally Floyd. Proc. ACM SIGCOMM 2006.
•IETF Journal article on ICE
•Peer-to-peer Communication Across Network Address Translators
•Amazon's Dynamo. SOSP 2007.
•And many RFCs
![Page 45: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/45.jpg)
Questions and DiscussionQuestions and Discussion
![Page 46: T-110.5110 Computer Networks II Summary 8.12.2002](https://reader037.vdocuments.us/reader037/viewer/2022110322/56649d255503460f949fb640/html5/thumbnails/46.jpg)
Thank YouThank You